Stephen Colbert Addresses Russian Pokemon Go Election Controversy

PreviousSlide 1/2Next

Stephen Colbert’s Response

As per his usual style of social commentary, Colbert had plenty of fuel for his jokes when combining U.S. politics and Pokemon Go.

He began by taking a shot at Pokemon Go itself, referring to it as a game that’s been forgotten since last year, before moving onto Russia itself. From there, he moved onto a particularly lewd joke about President Trump and the innocent Squirtle, a joke that’s surely been made before but perhaps not yet in the context of this topic.

Of course, he also took a jab at Hillary Clinton and her campaign efforts as well as her questionable reference to Pokemon Go in an attempt to appeal to younger voters, so everyone was still fair game during Colbert’s latest segment.

PreviousSlide 2/2

What Do You Think About the Pokemon Go / Russia Situation?

Russians ‘used Pokemon Go to sow division’ in run-up to US presidential election

A Russian-linked account reportedly used the popular video game Pokemon Go to draw attention to alleged police brutality in the United States.

A report by CNN adds another detail to the emerging portrait of Russian efforts to shape public opinion and foment discord in the run-up to the 2016 presidential election.

After American intelligence agencies concluded that Russian President Vladimir Putin had launched a wide-ranging campaign to “undermine public faith in the US democratic process”, Facebook revealed that Russian entities had purchased thousands of advertisements intended to widen divisions around contentious issues like race and gun rights.

Among the topics reportedly addressed was the Black Lives Matter movement, which seeks to draw attention to African-Americans dying at the hands of police officers. According to CNN, one of the artificial accounts Facebook has taken down was entitled “Don’t Shoot Us” and was used to disseminate information about incidents of police brutality.

The effort reportedly enlisted Pokemon Go, a game in which players use their smartphones to “catch” digital creatures superimposed on the real world. CNN found that Don’t Shoot Us encouraged users to play near sites of reported police violence and to name their Pokemon “with a US police brutality victim’s name”.

Niantic, the company behind Pokemon Go, said in a statement that “our game assets were appropriated and misused in promotions by third parties without our permission“ and that ”our platform was in no way being used“ because players can’t use the app to share information with other players. 

Facebook did not respond to a request to confirm that Don’t Shoot Us was among the suspended accounts.

Congressional investigators are keenly focused on the role social media platforms may have played in helping to disseminate Russian-generated content. Representatives from Facebook, Google and Twitter have been invited to testify on the matter in an upcoming open hearing.

In an interview on Thursday with Axios, Facebook chief operating officer Sheryl Sandberg said Congress should publicly release the Russian-linked ads the social media giant has turned over.

“Things happened on our platform in this election that should not have happened, especially troubling foreign interference in a democratic election,” Ms Sandberg said.

Reuse content

Thoughts on Facebook’s 9 plans to curb election interference – Kopitiam Bot

Election meddling is Facebook’s next adversary, and it’s got a plan to attack it just like it did with fake news. Solutions to both these scourges come too late to prevent tampering that may have aided Donald Trump winning the presidency — but at least Facebook is owning up to the problem, working with the government and starting to self-regulate. Here’s the nine-point plan Zuckerberg has devised to combat election interference, plus our commentary on each strategy’s potential.

One: Providing Russian-bought ads to Congress – “We are actively working with the US government on its ongoing investigations into Russian interference. We have been investigating this for many months, and for a while we had found no evidence of fake accounts linked to Russia running ads. When we recently uncovered this activity, we provided that information to the special counsel. We also briefed Congress — and this morning I directed our team to provide the ads we’ve found to Congress as well. As a general rule, we are limited in what we can discuss publicly about law enforcement investigations, so we may not always be able to share our findings publicly. But we support Congress in deciding how to best use this information to inform the public, and we expect the government to publish its findings when their investigation is complete.”

TC – Facebook initially shared more information with Special Counsel Robert Mueller than Congress, but after checking to make sure it won’t violate privacy laws, it’s giving the Russian-bought ads to Congress too. This could aid their investigation while preventing them from legally extracting the information from Facebook in a messy public ordeal.

Two: Continuing Facebook’s own investigation – “We will continue our investigation into what happened on Facebook in this election. We may find more, and if we do, we will continue to work with the government. We are looking into foreign actors, including additional Russian groups and other former Soviet states, as well as organizations like the campaigns, to further our understanding of how they used our tools. These investigations will take some time, but we will continue our thorough review.”

TC – Facebook’s depth of access to its systems means it could surface evidence of election interference that Mueller or Congress can’t get from just the data Facebook provides. Facebook needs to review not just its advertising systems and fake news in the News Feed, but also use of Events, chat, user profiles, Groups and its other apps like Instagram and WhatsApp.

Three: Political ad transparency – “Going forward — and perhaps the most important step we’re taking — we’re going to make political advertising more transparent. When someone buys political ads on TV or other media, they’re required by law to disclose who paid for them. But you still don’t know if you’re seeing the same messages as everyone else. So we’re going to bring Facebook to an even higher standard of transparency. Not only will you have to disclose which page paid for an ad, but we will also make it so you can visit an advertiser’s page and see the ads they’re currently running to any audience on Facebook. We will roll this out over the coming months, and we will work with others to create a new standard for transparency in online political ads.”

TC – Facebook has held that ads are user content and therefore it could violate privacy to disclose the content and targeting of all ads. Businesses see their ads and targeting schemes as proprietary secrets. But when it comes to election and political advertising, the public good may need to be prioritized above corporate privacy. Building this transparency system may be complicated, and most users might not take the time to use it, but it could assist investigators and provide peace of mind.

Four: Political ad reviews – “We will strengthen our ad review process for political ads. To be clear, it has always been against our policies to use any of our tools in a way that breaks the law — and we already have many controls in place to prevent this. But we can do more. Most ads are bought programmatically through our apps and website without the advertiser ever speaking to anyone at Facebook. That’s what happened here. But even without our employees involved in the sales, we can do better.”

TC – The lack of stronger oversight of political ad buying given the contentious 2016 U.S. presidential election may have been one of Facebook’s most obvious mistakes. It needs to do a better job of understanding when scale isn’t an excuse for weak monitoring of this highly sensitive type of advertising. Facebook has long touted its ability to influence people, but didn’t put sufficient safeguards in place to prevent unethical or illegal influence campaigns. If Facebook can build these scaled systems for programmatic ad buying, it must also do the work to implement programmatic protections against abuse with keyword block lists, visual detection of hateful imagery, and triggers that push ads to human review.

Bonus – Facebook admits it can’t block all the interference – “Now, I’m not going to sit here and tell you we’re going to catch all bad content in our system. We don’t check what people say before they say it, and frankly, I don’t think our society should want us to. Freedom means you don’t have to ask permission first, and that by default you can say what you want. If you break our community standards or the law, then you’re going to face consequences afterwards. We won’t catch everyone immediately, but we can make it harder to try to interfere.”

TC – It’s good to see Facebook being honest about its limitations here. It’s built a community too big to perfectly police, and accepting that is the first step to getting closer to satisfactory protection.

Five: Hiring 250 more election integrity workers – “We are increasing our investment in security and specifically election integrity. In the next year, we will more than double the team working on election integrity. In total, we’ll add more than 250 people across all our teams focused on security and safety for our community.”

TC – Again, this is something Facebook should have known to do before the 2016 election. It’s earning more than $3 billion in profit per quarter, so it can easily afford this staff increase. It’s merely a matter of Facebook foreseeing the worst-case scenarios of how its products could be used, which it’s repeatedly failed to do.

Six: Partnerships with election commissions – “We will expand our partnerships with election commissions around the world. We already work with electoral commissions in many countries to help people register to vote and learn about the issues. We’ll keep doing that, and now we’re also going to establish a channel to inform election commissions of the online risks we’ve identified in their specific elections.”

TC – Rather than simply reacting to election interference, it’s smart for Facebook to proactively seek to provide information to election commissions while also educating the public in order to inoculate them against malicious influence.

Seven: Collaboration with other tech companies – “We will increase sharing of threat information with other tech and security companies. We already share information on bad actors on the internet through programs like ThreatExchange, and now we’re exploring ways we can share more information about anyone attempting to interfere with elections. It is important that tech companies collaborate on this because it’s almost certain that any actor trying to misuse Facebook will also be trying to abuse other internet platforms too.”

TC – Facebook already does this to protect people across the internet from terrorist propaganda and child pornography. As the largest social network, it has the opportunity to serve as a central hub for connecting services like Twitter, YouTube, Snapchat and Google to ensure strategies for blocking election interference are propagated across the web.

Eight: Protecting political discourse from intimidation – “We are working proactively to strengthen the democratic process. Beyond pushing back against threats, we will also create more services to protect our community while engaging in political discourse. For example, we’re looking at adapting our anti-bullying systems to protect against political harassment as well, and we’re scaling our ballot information tools to help more people understand the issues.”

TC – Beyond broadcast forms of interference like ads, fake news and events, Facebook users are vulnerable to being shouted down for voicing reasonable political opinions. While these attacks deal with a person’s viewpoints rather than their inherent identity, like most bullying, Facebook can efficiently repurpose existing technologies to suspend accounts that try to disrupt civil discourse.

Nine: Monitoring the German election – “We have been working to ensure the integrity of the German elections this weekend, from taking actions against thousands of fake accounts, to partnering with public authorities like the Federal Office for Information Security, to sharing security practices with the candidates and parties. We’re also examining the activity of accounts we’ve removed and have not yet found a similar type of effort in Germany. This is incredibly important and we have been focused on this for a while.”

TC – For Facebook to start earning back public trust, it needs to show it can block a significant amount of the attempted interference in elections. This weekend’s German election is a good opportunity for this. If Facebook is seen as inadequately defending democratic processes after being put in the spotlight, it risks even more stringent backlash.

Overall, Facebook’s plan is sensible, even if it comes a year later than needed. Scale can’t be an excuse. Programmatic ad buying that doesn’t go through human sales people is what’s allowed Facebook to grow so large and profitable. Those profits must be reinvested into both human and algorithmic safeguards against abuse. It’s a problem worth throwing money at in the short-term, at least until the behavior of human moderators can be built into more cost-efficient automated systems.

Hopefully Facebook’s mistakes and the general naiveté of tech companies and the public toward election interference will lead to a swing far in the other direction as the world wakes up to how sophisticated attacks on democracy have become.

You can watch Zuckerberg’s announcement video of this new initiative below:

Additional reporting by Jonathan Shieber

Facebook’s Election Ad Overhaul Takes Crucial First Steps

Facebook has agreed to give Congressional investigators roughly 3,000 political ads it found linked to Russian accounts that ran during the 2016 election. The company will also overhaul the way it approaches campaign ads altogether, seeking to create a “new standard for transparency,” CEO Mark Zuckerberg said in an address on Facebook Live Thursday.

This unexpected announcement from Facebook suggests the company has finally started listening to its many critics in Congress, the media, and at large. Less than a year ago, in the immediate aftermath of the election, Zuckerberg dismissed the idea that Facebook’s fake news problem had anything to do with the results. Today’s address suggests that the billionaire founder, who built a platform that two billion people rely on for news and political interactions, is finally starting to appreciate that his creation can do as much harm as good in this world.

Going forward, Facebook will require political advertisers to disclose the pages that have paid for the ad. Today, no law requires political advertisers to do this online, even though such disclosures are required on television. Facebook was unable to clarify whether this new rule applies only to official campaign organizations and PACs, or if it will apply more broadly to all political content.

Intriguingly, the company will also allow any user to visit an advertiser’s page and see all of the ads they’ve sent to segmented parts of the Facebook universe. Until now, advertisers, including President Trump’s campaign, have been able to target certain users on Facebook with highly tailored messages that others can’t see. While these ads, often referred to as “dark posts,” are commonplace in digital advertising, they pose a serious transparency threat when it comes to politics and government.

Facebook also plans to add 250 people to its election integrity team, and to work more closely with election commissions around the world to report any risks or unusual behavior it identifies.

“Now, I wish I could tell you we’re going to be able to stop all interference, but that wouldn’t be realistic,” Zuckerberg said. “There will always be bad people in the world, and we can’t prevent all governments from all interference. But we can make it harder. We can make it a lot harder. And that’s what we’re going to do.”

Reactive Measures

The company’s election integrity makeover and its commitment to share more information with Congress comes amid a growing backlash from leading senators like Mark Warner, vice chair of the Senate Intelligence Committee, and Richard Burr, the committee’s chairman. They and others have asked Facebook for access to the ads ever since the company revealed it had discovered them weeks ago. Since then, Facebook has offered the ads only to special counsel Mueller’s team, leaving investigators on Capitol Hill largely in the dark.

“We believe it is vitally important that government authorities have the information they need to deliver to the public a full assessment of what happened in the 2016 election,” Facebook general counsel Colin Stretch wrote in a blog post Thursday. “That is an assessment that can be made only by investigators with access to classified intelligence and information from all relevant companies and industries—and we want to do our part.”

Even so, the move represents but a half-step toward transparency for Facebook. The company says it has not yet agreed to meet with Congress for an open hearing about Russian interference in the 2016 election, as Twitter plans to do next Wednesday.

In Thursday’s livestream, Zuckerberg explained the company’s reticence about the issue. “As a general rule, we are limited in what we can discuss publicly about law enforcement investigations, so we may not always be able to share our findings publicly,” he said. “But we support Congress in deciding how to best use this information to inform the public, and we expect the government to publish its findings when their investigation is complete.”

Zuckerberg acknowledged also that the company’s own investigation is far from complete, and that it “may find more,” in which case Facebook will continue to work with the government. What’s still unclear is whether either Mueller’s team or Congressional investigators will be able to see what exactly Facebook’s internal investigation entails.

First Steps

Whatever comes of the investigation into the 2016 election, the measures Zuckerberg announced today are vital toward fending off similar threats in future campaigns. Allowing citizens to see who pays for campaign ads on Facebook, and what their candidates and elected officials are saying to different subsets of the population, is an unprecedented move in the internet age. As a platform for two billion people, Facebook is well-poised to set that precedent.

It’s clear, though, that none of these decisions can fully prevent malicious foreign actors from spreading their influence online. There are, of course, ways that they can organically spread content with coordinated hashtag campaigns and fake news stories, carefully shared with select Facebook groups. Since the election, Facebook has created ways that users can flag fake news, and it’s taken steps toward cracking down on accounts that share fake news multiple times. But it’s unclear still how efficiently those moves have cleaned up people’s News Feeds.

And despite these changes, Zuckerberg acknowledged, Facebook’s advertising platform remains vulnerable. The majority of ads on Facebook are bought programmatically, meaning machines do most of the buying, without human involvement. That, he says, is how the Russia-linked ads were purchased. While the company says it plans to develop new levels of human oversight, Zuckerberg was clear that Facebook does not want to be in a position of policing speech. The more Facebook involves itself in what people can and cannot say, the more it risks taking a hit not only from communities that argue they’re being censored, but also to its bottom line.

“We don’t check what people say before they say it, and frankly, I don’t think our society shouldn’t want us to,” Zuckerberg said. “Freedom means you don’t have to ask permission first, and that by default you can say what you want. If you break our community standards or the law, then you’re going to face consequences afterwards.”

That seems like an appropriate bar to set. So far, in the case of Russian meddling, it hasn’t proven true.

Facts, trends and unheard voices: empowering journalists during the upcoming German election

For the News Lab, elections are opportunities to empower journalists with the technology and data they need to keep their readers informed. For the German election on September 24th, our efforts are formed around three key themes: promoting accurate content, offering data that provides helpful context, and surfacing unheard voices.

Guiding all of these efforts is a spirit of experimentation and collaboration with news partners to address the challenges and take advantage of the opportunities digital reporting presents.

Promoting accurate content

On September 4th, alongside Facebook, we began helping two organizations—First Draft and Correctiv—monitor misleading information during the German election. First Draft is a coalition of organizations dedicated to improving skills and standards in the reporting and sharing of information that emerges online. Correctiv is the first nonprofit investigative newsroom in the German-speaking world. Its fact-checking team started a few months ago and is a member of the International Fact Checking Network.

As a part of our partnership with Corrective, we funded and supported a team of journalists from across Germany called WahlCheck17 (Election Check 17). The team will work in a pop-up newsroom opened at the Corrective office to verify and fact-check online news stories and conversations in real-time during the final few weeks before the election. The team includes fact-checking experts from First Draft and Corrective, experienced students and graduates from the Hamburg Media School, and freelance journalists.

In the same vein as First Draft’s work on CrossCheck in France and our partnership with Full Fact during the UK general election in May, the WahlCheck17 team will alert German newsrooms by publishing a daily newsletter that lists the most popular rumors, manipulated photos and videos, and misleading articles and data visualizations circulating online, and offers additional context on the sources.

Using Trends to offer additional context

Google Trends offers insight into the candidates, parties, and moments that dominate the election campaign. Our new Google Trends election hub highlights search interest in top political issues and parties, with embeddable graphics that show what people across Germany have been most interested in throughout the election campaign.


2Q17, a unique data visualization created by the renowned data designer Moritz Stefaner, depicts queries that Germans are searching for in relation to the top candidates. This project is part of Google News Lab’s series of visual experiments to develop innovative and interactive storytelling formats to cover important news moments.


Surfacing unheard voices

During the French presidential election, the News Lab partnered with a publisher to surface the views of voters across France in 360. Now we’re working with Euronews on a similar project to surface unheard voices in Germany. In partnership with German regional media outlets, who will provide context on the socioeconomic conditions of their respective regions, this project will provide an immersive journey through Germany in the weeks leading up to the election. Watch the first episode starring Masih Rahimi, an Afghan migrant and IT trainee living in Passau.

At the News Lab, we strongly believe in the importance of quality journalism and the power of collaboration between tech and media companies to strengthen it. During elections, this is more important than ever. If you want to find out more about Google‘s efforts for the German election read our German blog.

Security News This Week: Germany’s Election Software Is Dangerously Hackable

Another week, another revelation of a massive breach with potentially far-reaching consequences. Well, two of those this week, actually. First, Symantec revealed that hackers—probably based in Russia, although the security firm didn’t go so far as to name names—had hacked more than 20 power companies in North America and Europe, and in a handful of cases, had direct access to their control systems. And then Equifax confessed it had been the target of a breach that stole 143 million Americans’ data, one of the worst data spills ever, and one that raises questions about data centralization, particularly for Social Security Numbers.

Megabreaches aside, Facebook admitted that a Russian troll farm had spent $100,000 on influence ads during last year’s election. Google patched a flaw in Android that would allow a nasty “toast overlay” attack to take control of devices. WIRED dug into the long-running series of scams and theft plaguing new currencies in the cryptocoin economy. And we spoke to the Democratic National Committee’s chief technology officer about how he hopes to prevent the next attack aimed at disemboweling the party.

And there’s more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories.

Researchers Uncover Serious Holes in Germany’s Voting Software

After hackers believed to be Russian meddled in both the US and French elections, Germany is likely next on the target list. And this week the Chaos Computer Club, a German collective of hackers and security researchers, exposed the results of their unsolicited audit of the country’s voting infrastructure. They found that a program called PC-Wahl, used for recording, counting, displaying, and analyzing votes in German elections from the local level to the national government. The hackers found they could corrupt the updates from the server controlling that software to re-tabulate votes at will, with potentially disastrous consequences for the country’s October parliamentary election. The CCC says that VOTE-IT, the company behind the software, privately fixed the security flaws the group exposed while publicly refusing to acknowledge the vulnerabilities.

Ultrasonic Voice Commands Can Hijack Siri and Amazon Echos

These days, it’s not just politicians who can use “dog-whistles” to send messages intended only for a very particular audience. So can hackers. Researchers at the University of Zhejiang have shown that they can send ultrasonic signals to voice assistants like your iPhone’s Siri, Amazon’s Echo, Google Now, and even the voice command systems of an Audi car that are inaudible to humans, but nonetheless picked up and obeyed by those systems. Their technique, which they call DolphinAttack, can be achieved with just a few dollars of equipment like an ultrasonic transducer and a battery, as well as a smartphone, and could allow hackers to silently “speak” to nearby devices and cause them to visit malware-infected websites, make calls that stream audio for surveillance purposes, or other mischief. And since the attack takes advantage of physical properties of the microphone that cause it to pick up commands from ultrasonic waves, there’s no easy fix for the problem.

Critical Bug in Open-Source Framework Could Endanger Corporate DataA bug announced this week in the Apache Struts web application software could allow attackers to take over servers running applications built with the framework, enabling the intruders to steal or manipulate sensitive data. The bug is now patched, but is significant because many organizations and Fortune 100 companies run and rely on affected applications. The vulnerability specifically impacts an Apache Struts plugin called REST that has been around since 2008. Vulnerable systems are everywhere, from public-facing platforms for banking and reservations to back-end software within a company, and researchers say exploiting the bug is simple using a web browser. They hadn’t seen evidence that the bug was exploited before their announcement, but stressed how important it is for organizations to patch and monitor their systems.

Resumes of Military and Intelligence Personnel Discovered in Unsecured S3 BucketRoughly 9,400 sensitive resumes, many from US veterans, were found accessible and exposed in a recruiting firm’s Amazon Web Services server, according to Chris Vickery and other researchers at the UpGuard security firm. The resumes date back to 2008 and were from applicants applying to work for the private security group TigerSwan, which contracted with the third party TalentPen until February. Some of the applicants claimed in their resumes to have US government top secret clearance, and many detailed sensitive military and intelligence work. The documents also naturally included personal information like email addresses, phone numbers, home addresses, and even passport numbers and partial social security numbers. Some of the submissions were from Iraqi and Afghan nationals who worked with US organizations. “While criminals could use the deep knowledge of work experience and personal details … the value of this database to foreign intelligence agencies if they were to access it is not insignificant,” UpGuard noted.

Widespread Protests Criticizing Togolese Government Prompt Telecommunications BlackoutsBeginning on Tuesday, internet users in Togo began reporting slow or inaccessible internet and wireless connections, and lost access to communication platforms like WhatsApp, Facebook, and even SMS text messaging over cell networks. The country was experiencing widespread blackouts by Thursday, and some residents traveled to Togo’s borders looking for connectivity leaking in from neighboring countries. The West African NGO Internet Without Borders and the internet infrastructure company Dyn both confirmed local reports. The blackouts are in response to extensive protests demanding Togolese President Faure Gnassingbé’s resignation. Governments in countries like Gabon and Cameroon have used similar repression tactics to attempt to quiet dissent.

Facebook sold more than $100,000 in political ads to a Russian company during the 2016 election

Following its April post-mortem on its platform’s role in the 2016 U.S. presidential election, Facebook is out with some juicy new details. Most noteworthy given the public’s intense interest in all things Russian is the fact that potential pro-Kremlin entities apparently purchased as much as $150,000 in political ads on the platform between 2015 and 2017.

As Facebook Chief Security Officer Alex Stamos explained in a blog post:

“There have been a lot of questions since the 2016 US election about Russian interference in the electoral process. In April we published a white paper that outlined our understanding of organized attempts to misuse our platform. One question that has emerged is whether there’s a connection between the Russian efforts and ads purchased on Facebook. These are serious claims and we’ve been reviewing a range of activity on our platform to help understand what happened.

“In reviewing the ads buys, we have found approximately $100,000 in ad spending from June of 2015 to May of 2017 — associated with roughly 3,000 ads — that was connected to about 470 inauthentic accounts and Pages in violation of our policies. Our analysis suggests these accounts and Pages were affiliated with one another and likely operated out of Russia.”

In addition to that $100,000, another $50,000 in political ad spending is thought to have loose connections to Russia that suggest Russian origins, including “ads bought from accounts with US IP addresses but with the language set to Russian.”

According to Stamos, the “vast majority” of the ads in question did not explicitly mention candidate names or the presidential race itself. Instead, they focused on a spectrum of wedge issues that were particularly hot leading into the election, including gun rights, immigration, LGBT rights and race. Roughly one quarter of these ads were targeted to particular geographic regions, particularly the ads that ran in 2015. Facebook’s more recent findings mesh with the insights around political misinformation campaigns that it published in April of this year. Perhaps most interesting is the revelation that bots aren’t actually responsible for most of this stuff — the bulk of it appears to be non-automated, coordinated campaigns by human actors.

Given the deep knowledge of state-level American politics necessary to successfully geo-target ads like these, the whole thing raises further questions about the possibility that entities linked to the Russian government might have coordinated with individuals in the U.S., though it doesn’t begin to answer those questions.

On Wednesday, Facebook spoke to Congress about the findings as part of its investigation into Russian interference in the 2016 U.S. election. In a follow-up story by the Washington Post, Facebook admitted that “there is evidence that some of the accounts are linked to a troll farm in St. Petersburg, referred to as the Internet Research Agency, though we have no way to independently confirm.” The Internet Research Agency is a group known for its pro-Kremlin online propaganda campaigns which U.S. intelligence agencies believe is funded by a close associate of Russian President Vladimir Putin with connections to the Russian intelligence community.

For its part, Facebook has been acting on the results of its internal audit examining the ways its platform may have been exploited in the 2016 U.S. election. Based on these reviews, the company was able to boot 30,000 suspect accounts engaging in what it calls “false amplification” off its platform around the time of the French election earlier this year. The company has also begun blocking ads from pages and accounts that repeatedly share fake news and misinformation. Still, if these kind of influence campaigns are truly linked to Russian intelligence efforts, Facebook is going to have a hell of a time trying to stay a few steps ahead.

Featured Image: Sean Gallup/Getty

Nvidia Stock: Best Performer Since Trump’s Election

While investors banking on Donald Trump’s business-friendly platform sent bank and industrial stocks soaring following his election win in November, roughly nine months later, Chipmaker Nvidia has become the best performing stock on the S&P 500 Index.

Thanks to a surge in gaming and, to some extent, bitcoin mining, Nvidia stock has gained 133% as the wider index jumped 16% in the same period. For comparison, the best performer a month after Trump’s election was oil company Transocean.

Nvidia’s rise comes as parts of Trump’s agenda, including plans to replace the Affordable Care Act, has stalled in Congress. While some post-election winners such as Goldman Sachs (which has fallen 9% off its post-election high) and private prison Corecivic (down 29%) have pared some of those gains, tech stocks have helped push the U.S. stock markets into continual new highs.

Nvidia’s top spot on the S&P 500 is nothing new. Not only has the stock been the best performer on the S&P 500 over the past year—rising 192%—but it’s been the best performing S&P 500 stock over the past four years, up 1,087% in that time. And these gains could continue: The company’s main source of revenue, the video game industry, is expected to grow to $109 billion in revenue in 2017. Nvidia also expanded into self-driving cars and artificial intelligence.

The company’s sales, which rose 38% to $6.9 billion in 2016, may also be getting a more recent boost from the rise of cryptocurrencies. The total market value of cryptocurrencies has risen by $106 billion to $123.9 billion since the start of 2017, as some look to digital coins as a safer asset than some fiat currencies amid geopolitical instability. While Nvidia does not disclose exactly how much of its revenue can be attributed to cryptocurrency miners, Jefferies analyst Mark Lipacis said in a Tuesday research note that cryptocurrency miners seeking Nvidia chips to power their transactions could lift the firm’s earnings on Thursday.

Ahead of Nvidia’s earnings report, shares were down 3%. But, according to Reuters, analysts are still expecting Nvidia to report revenue $1.96 billion and earnings per share of 70 cents for the quarter ending July.

Voting Machine Hackers Have 5 Tips to Save the Next Election

American democracy depends on the sanctity of the vote. In the wake of the 2016 election, that inviolability is increasingly in question, but given that there are 66 weeks until midterm elections, and 14 weeks until local 2017 elections, there’s plenty of time to fix the poor state of voting technology, right? Wrong. To secure voting infrastructure in the US in time for even the next presidential election, government agencies must start now.

At Def Con 2017 in Las Vegas, one of the largest hacker conferences in the world, Carsten Schurmann (coauthor of this article) demonstrated that US election equipment suffers from serious vulnerabilities. It took him only a few minutes to get remote control of a WINVote machine used in several states in elections between 2004 and 2015. Using a well-known exploit from 2003 called MS03-026, he gained access to the vote databases stored on the machine. This kind of attack is not rocket science and can be executed by almost anyone. All you need is basic knowledge of the Metasploit tool.



Carsten Schurmann is an associate professor at the IT University of Copenhagen. He is an election technology expert and is heading the DemTech, a research project that investigates how the use of technology in the election process affects voter trust. Jari Kickbusch is a journalist, author and member of the DemTech team. Schurmann and Kickbusch have observed elections in Egypt, Australia, Norway and Estonia, and the United States during 2016 presidential election.

Had Schurmann hacked the WINVote during an election, he could have changed the vote totals stored on the machine, observed voters while they were voting or simply have turned off the machine during voting day to cause havoc. This is not exactly the kind of news that increases public trust in election results. But the really bad news is that since the WINVote voting machine does not provide a paper trail, the manipulations of database would not have been detectable. The same goes for many of the voting machines still in use, which prevent auditors from checking that the votes reflect voter intent.

All of this proses a threat against the heart of US democracy. The people responsible for maintaining and updating these outdated and vulnerable devices are obliged to take steps to rectify the shortcomings and to minimize the risk of disruption through cyber-attacks. Reiterating that everything is secure and safe enough will not do. Here are five recommendations on how to tackle this challenge:

1. Retire old and outdated voting machines.

A voting machine is outdated when it has known security holes. For example, other hackers at Def Con 2017 demonstrated that the Diebold Express-pollbook is exposed to the openSSL vulnerability CVE-2011-4109. Outdated voting machines should either be updated or dumped.

Furthermore: We know from history that all voting machines can be hacked. Voting machines that do not produce a voter verifiable audit paper trail should be decommissioned. In the end paper gives election officials a way a deliver a correct result, even if the technology fails due to hacking attacks, system malfunction, or power outages. If cost is prohibitive, revert to pencil and paper or older non-electronic equipment.

2. Secure voter registration systems and voter databases against hacking attacks.

To ensure that hackers cannot steal or alter voter registrations requires that the data is encrypted and that the cryptographic keys are carefully curated. Adjust administrative processes to minimize the risk of data leakage and unauthorized access. Harden the security of the database systems, for example, by deploying them only on secured and dedicated servers.

3. Require risk limiting audits for any precinct that uses electronic voting machines.

A risk-limiting audit is a statistical method to verify an election result and to detect vote tempering independent of the voting machine technology. By picking a truly random sample of the paper trail of suitable size and inspecting it, one can gain confidence in the correctness of the election result.

4. Adjust the rules of procurement and maintenance of election voting systems.

Policies and laws should reflect that voting machines are used in an ever-changing environment, which is under the adversary’s control. Hence a continuous delivery and installation of security patches should be mandatory. An up-to-date voting machine decreases the risks of hackers disrupting the voting day activities.

5. Improve training of polling station staff.

Election officials need to be able to handle cryptographic keys and to protect them in the face of social engineering and other hacking attacks. Most people could master this after attending a one-day workshop, which covers the basics of IT security.

In the current geopolitical climate protecting the election technologies against hacker attacks is tantamount to protecting the integrity of the election. Many counties have already made good progress. In Colorado risk-limiting audits are required and in Maryland paper trails are mandatory. Unfortunately, it seems unlikely that every state can be completely secured within the next 66 weeks. However, taking the first steps toward legislating for risk-limiting audits and hardening the security of the systems in use should be achievable everywhere.

Election Security Is a Surprisingly Controversial Issue

For all the uncertainty surrounding the Trump campaign’s associations with Russia, one thing remains clear: A foreign power interfered in the US presidential race, with hackers targeting the election systems of 21 states to do so. And yet the government has done precious little to keep it from happening again. The inaction stems not from laziness or ignorance but a deep, possibly unbridgeable divide between state and federal powers.

So far this year, a handful of special elections in the US have gone smoothly, but the threat from Russia still looms, especially as the 2018 midterm races approach. France recently saw Kremlin-led meddling in its own presidential contest, and Germany has expressed fears over its upcoming election as well. Alarmism may not be productive, but states do have reason to worry.

Local officials, though, have bristled at the Department of Homeland Security’s move to designate election systems as “critical infrastructure,” a move designed to unlock resources for system defense upgrades and improve state–federal communication. Everyone agrees that security matters; how to get there is another matter entirely.

Remote Control

The secretaries of state for each state (who, in most cases, act as the top election officials) argue that the move effectively federalizes elections, and imposes uniformity in a way that threatens the diversity and independence that makes the current US election system robust. It hasn’t helped matters that DHS continues to keep them in the dark about information relevant to potential threats—including which 21 states Russia breached.

“How many elections have they run? That would be zero,” says Maine Secretary of State Matt Dunlap about DHS. “The critical infrastructure designation gives me pause because it gives them significant control over how the states run their elections. While they say, ‘We have no intention of taking this over,’ the history of the relationship between the federal agencies and state governments is that they know better and they’re going to tell us what to do.”

DHS claims that the designation simply makes security expertise and funding available, while also improving communication and threat information-sharing between federal and state groups. “The establishment of a subsector does not create federal regulatory authority,” DHS cyberdivision special advisor Samuel Liles said in testimony before the Senate Select Committee on Intelligence, in June. “Elections continue to be governed by state and local officials, but with additional prioritized effort by the federal government to provide voluntary security assistance.”

The National Association of Secretaries of State, which has vocally opposed the critical infrastructure designation from the start, remains skeptical. Many NASS members contend that DHS has already left states out of the loop about last year’s election-meddling, despite the agency’s promises of information-sharing. NASS spokesperson Kay Stimson also notes that despite repeated requests in the past seven months, secretaries still have no way to obtain security clearances so that they can directly discuss classified election system threats with federal officials. The Department of Homeland Security did not return a request from WIRED for comment.

An Urgent Threat

Experts say that spats between NASS and DHS groups have created problematic delays in efforts to secure electoral systems. “Nobody is feeling this urgency enough,” says Lawrence Norden, who coauthored the a recent report, “Securing Elections From Foreign Interference,” from New York University School of Law’s Brennan Center. “There’s a collective action problem. In 2000 everyone looked at Florida and said, ‘What a massive disaster these systems are. We need to replace them.’ So even though you had the breaches this time, nobody can point to one terrible thing that happened to voters on Election Day, and I think that’s a big difference.”

Election officials, like it or not, have made at least some progress in working with DHS to develop the bones of the critical infrastructure setup. And they agree that aid from the federal government has the potential to reinforce strong defenses in states that already have them in place, while crucially helping to raise the bar in states that lag behind. And many secretaries of state acknowledged, at a recent NASS conference, that their aging voting systems need to be replaced.

The designation has found more robust support from the bureaucrats who comprise the National Association of State Election Directors, who generally have prior election experience, and report to the elected secretary of state. Election directors coordinate the technical and logistical on-the-ground operations of elections in each county. “One of the reasons that NASED is more accepting of the DHS designation and thinks it will ultimately be good for us is that not every state has on-site quality personnel that really understand the IT needs,” says NASED president and Colorado election director Judd Choate. “Colorado has 75-plus people who are available to work on elections and elections-related IT any day, any night, whenever we need. Some states have more like two to three employees that do elections and they have to get IT help out of office. So I love the idea that we can get people who can help to advise and assist states that need that assistance.”

Given that participation in DHS programs remains voluntary, opposition to the critical infrastructure designation could keep states that need funding for system overhauls—like Georgia—from reaping the full benefit. “We’ll see how open those states are to accepting it as we go forward,” Choate says. Across the board, officials and analysts agree that lack of DHS communication and focus on state input at the beginning of the critical infrastructure process put officials on the defensive and led them to fear a counterproductive federal takeover of something that has always been a state process.

Act Local

As work on the designation progresses, some officials have become more hopeful about the state/federal collaboration. But state’s rights issues are complicated. Take the recent example of the White House election integrity commission’s controversial voter data collection plan, initiated last month. A number of secretaries of state are on that commission—including Maine’s Dunlap, Kansas Secretary Kris Kobach, and NASS president Connie Lawson, of Indiana—and though they supported the initiative as committee members, they resisted it as representatives of their respective states, only offering information that they could legally provide under their states’ laws.

Dunlap says he didn’t oppose the commission’s plan to request voter data, but he advocated for clear language about the requirements. “What we said is that they should ask for it not demand it, and they should only ask for information that’s publicly available. The problem came in from the interpretation of the request letter, which was drafted by the White House and sent out.” That’s indicative of the general approach the states have to electoral issues; federal help has value in some contexts, so long as it’s optional.

DHS claims that state participation in election security programs is voluntary, but NASS opposes it just the same on the basis of overreach. “I am part of the bipartisan majority of secretaries of state who support a push to rescind the measure, which clashes with some of the most basic principles of our democracy and already seems likely to cause more problems than it actually solves,” NASS’s Lawson said in Congressional testimony three weeks ago.

The Brennan Center’s Norden notes, however, that in his research security experts and election officials overwhelmingly agree about the most effective approaches to strengthening elections systems—measures like replacing aging and insecure voting machines, ensuring that every county has a system for creating paper vote backups, and hiring network security personnel in each state. And given that election security has now become a pressing national security issue, he argues that the costs of these upgrades (one-time costs in the tens of millions of dollars, and yearly maintenance in the millions or less) are minuscule compared to other types of national security spending.

“There has been a gradual move to greater security around election systems, which we shouldn’t discount,” Norden says. “But the threats are moving so much more quickly and I think that hasn’t really sunk in for a lot of people.”

The longer officials debate the merits of the critical infrastructure designation, of course, the less time there will be to actually roll out protections. With crucial elections coming next year, there isn’t much more of it to waste.